restoreMechToDefault.sh
#!/bin/bash
## Restores all System Rights to defaults from Jamf Connect
## Uses same Auth File from installation script
## NOTE ##
# The initial pam install script needs to have run first to make backups of the authorization rules #
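# Create Backup Directory if it does not exist
# The check targets the backup directory itself: testing only the parent PAM
# directory left the backup directory uncreated whenever the parent was present.
pam_backup_dir="/Library/Application Support/JAMF/PAM/backup"
if [ -d "$pam_backup_dir" ]; then
  echo "PAM backup directory exists."
else
  # A missing directory means no rule backups are available; this is reported on
  # stderr so the condition shows up in the policy log.
  echo "Warning: PAM backup directory does not exist; creating it." >&2
  mkdir -p "$pam_backup_dir" \
    || echo "Error: could not create ${pam_backup_dir}" >&2
fi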
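# Checks for authorization_list
# authFile and JAMF_BINARY are never assigned in this script, so fall back to
# defaults when the calling environment does not provide them.
# NOTE(review): /usr/local/bin/jamf is the usual location of the jamf binary;
# confirm it matches this fleet.
defaultAuthFile="/Library/Application Support/JAMF/PAM/authorization_list.txt"
authFile="${authFile:-$defaultAuthFile}"
JAMF_BINARY="${JAMF_BINARY:-/usr/local/bin/jamf}"

if [ -f "$authFile" ]; then
  echo "$authFile exists"
else
  echo "$authFile not found, installing..."
  "$JAMF_BINARY" policy -event authFile \
    || echo "Error: jamf policy event authFile failed" >&2
  # The original read the list from the default location after the policy ran;
  # keep that fallback when a custom authFile is still absent.
  [ -f "$authFile" ] || authFile="$defaultAuthFile"
fi

# Load the list on both paths. Previously it was read only after a reinstall,
# so an existing file left the list empty and no right was restored.
# The names in this file decide which authorization rules get overwritten, so
# the file should be writable by root only.
if [ -r "$authFile" ]; then
  authorizations=$(cat "$authFile")
else
  echo "Error: cannot read $authFile; no authorization rights will be restored" >&2
  authorizations=""
fi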
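# restore pam.d (remove Saml entry, then remove # from the auth lines)
#######################################
# Rewrites /etc/pam.d/sudo in a single pass: deletes every line containing
# pam_saml.so and turns "#auth" back into "auth" on the remaining lines.
# The result is built in a temporary file and only renamed over the live file
# once it is non-empty and carries the final owner and mode, so a failed sed
# can no longer leave sudo with a truncated PAM configuration.
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 when the file was replaced, 1 when it was left untouched
#######################################
function restorePamSudo {
  local pam_file="/etc/pam.d/sudo"
  local tmp_file

  if [ ! -f "$pam_file" ]; then
    echo "Error: ${pam_file} not found; PAM configuration left untouched" >&2
    return 1
  fi

  # Same directory as the target so the final mv is a rename, not a copy.
  tmp_file=$(mktemp "${pam_file}.XXXXXX") || {
    echo "Error: could not create a temporary file next to ${pam_file}" >&2
    return 1
  }

  echo "Removing pam_saml.so entry and restoring auth lines in ${pam_file}"
  # NOTE(review): 's/#auth/auth/' is unanchored and also rewrites any other
  # text containing "#auth"; confirm it mirrors what the install script did
  # before tightening the pattern.
  if sed -e '/pam_saml.so/d' -e 's/#auth/auth/' "$pam_file" > "$tmp_file" &&
    [ -s "$tmp_file" ] &&
    chown root:wheel "$tmp_file" &&
    chmod 444 "$tmp_file" &&
    mv -f "$tmp_file" "$pam_file"; then
    echo "Restored ${pam_file}"
    return 0
  fi

  echo "Error: could not rewrite ${pam_file}; original left in place" >&2
  rm -f "$tmp_file"
  return 1
}
restorePamSudo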
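# Restore Authorization Function
#######################################
# Writes each backed-up rule into the authorization database with
# `security authorizationdb write`, reading <right>.bak from the backup
# directory.
# Globals:   authorizations (read) - whitespace-separated list of right names
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 when every listed right was restored; 1 when the list is empty,
#            a name is rejected, a backup is missing, or a write fails
#######################################
function restoreAuthorization {
  local backup_dir="/Library/Application Support/JAMF/PAM/backup"
  local -a rights=()
  local authorization backup_file
  local status=0

  # Split on whitespace as the unquoted expansion did, but without globbing.
  # read returns non-zero at end of input, which is expected here.
  read -r -d '' -a rights <<< "${authorizations:-}" || true

  if [ "${#rights[@]}" -eq 0 ]; then
    echo "Error: no authorization rights listed; nothing restored" >&2
    return 1
  fi

  # The backup files are loaded straight into the authorization database, so
  # the backup directory should be writable by root only.
  for authorization in "${rights[@]}"; do
    # A name with a slash would resolve outside the backup directory, and a
    # leading dash would be read as an option by security.
    case "$authorization" in
      */* | -*)
        echo "Error: refusing unexpected right name '${authorization}'" >&2
        status=1
        continue
        ;;
    esac

    backup_file="${backup_dir}/${authorization}.bak"
    if [ ! -f "$backup_file" ] || [ ! -s "$backup_file" ]; then
      echo "Error: no usable backup for ${authorization} at ${backup_file}; skipping" >&2
      status=1
      continue
    fi

    echo "Restore default Mechanism to ${authorization}"
    if ! security authorizationdb write "${authorization}" < "$backup_file"; then
      echo "Error: failed to restore ${authorization}" >&2
      status=1
    fi
  done

  return "$status"
}
# Last command of the script, so its status becomes the script's exit status.
restoreAuthorization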